<?php
/* FILE: collection_list.php
 * DESCRIPTION: Page displaying the user's list of collections inside an iframe in index_secure.php
 * POST DATA: N/A
 * GET DATA: sb (sort-by column); cn, cd, cr, co (search filters: collection name, description, rating, owner)
 */ 

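/**
 * Rebuild the search-filter part of the query string (cn, cd, cr, co) from
 * the current request, so the sort links keep the active search.
 *
 * Every value is URL-encoded before it is returned. The result is echoed
 * directly into href="..." attributes further down this page, so a raw
 * $_GET value containing a quote, angle bracket or ampersand would otherwise
 * alter the surrounding markup or the link's parameters. urlencode() output
 * contains no characters that are special inside an HTML attribute.
 *
 * @return string Zero or more "&key=value" pairs; "" when no filter is set.
 */
function getUrlElements()
{
	$elements = '';
	foreach (array('cn', 'cd', 'cr', 'co') as $key) {
		// Skip absent keys (avoids undefined-index notices), empty values,
		// and array-valued parameters such as ?cn[]=x.
		if (!isset($_GET[$key]) || !is_string($_GET[$key]) || $_GET[$key] === '') {
			continue;
		}
		$elements .= '&' . $key . '=' . urlencode($_GET[$key]);
	}
	return $elements;
}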

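// Initialize session
session_start();

// This page is meant to be shown in an iframe of index_secure.php, but it can
// also be requested directly. The query below is scoped by
// $_SESSION['user_name'], so stop here when the session does not carry one.
if (!isset($_SESSION['user_name']) || $_SESSION['user_name'] === '') {
	header('HTTP/1.1 403 Forbidden');
	die('Not logged in.');
}

// Include database connection settings.
// require_once (not include) so a missing file stops the script instead of
// continuing without a database connection.
// NOTE(review): a ".inc" file is returned as plain text by a web server that
// does not map that extension to PHP. If config.inc holds credentials, confirm
// the server denies direct requests for it, or keep it outside the web root.
require_once('config.inc');
// Include functions
require_once('includes/functions.php');

// Read the request parameters. Absent or array-valued parameters become ""
// so later string comparisons and escaping calls always receive a string.
$sortby = (isset($_GET['sb']) && is_string($_GET['sb'])) ? $_GET['sb'] : '';
$name   = (isset($_GET['cn']) && is_string($_GET['cn'])) ? $_GET['cn'] : '';
$desc   = (isset($_GET['cd']) && is_string($_GET['cd'])) ? $_GET['cd'] : '';
$rate   = (isset($_GET['cr']) && is_string($_GET['cr'])) ? $_GET['cr'] : '';
$owner  = (isset($_GET['co']) && is_string($_GET['co'])) ? $_GET['co'] : '';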

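// Build the SELECT for the current user's collections, narrowed by any search
// filters and ordered by the requested column.
//
// ORDER BY takes an identifier, not a quoted string, so
// mysql_real_escape_string() gives no protection there: it only escapes
// characters that matter inside quotes. The sort column is therefore checked
// against a fixed list of the collection columns this page uses, and anything
// else (including an empty value) falls back to collection_name.
$sortableColumns = array(
	'collection_name',
	'collection_desc',
	'collection_rating',
	'collection_user_id',
);
$orderColumn = in_array($sortby, $sortableColumns, true) ? $sortby : 'collection_name';

// The session user name is escaped as well: it is still a string placed
// inside a quoted SQL literal, wherever it originally came from.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to
// mysqli or PDO prepared statements would replace all of this string
// building, but that depends on the connection code outside this file.
$collectionSelection =
	"SELECT * FROM collection WHERE collection_user_id = '"
	. mysql_real_escape_string($_SESSION['user_name']) . "' "
	. ($name != "" ? "AND collection_name LIKE '%" . mysql_real_escape_string($name) . "%' " : "")
	. ($desc != "" ? "AND collection_desc LIKE '%" . mysql_real_escape_string($desc) . "%' " : "")
	. ($rate != "" ? "AND collection_rating LIKE '%" . mysql_real_escape_string($rate) . "%' " : "")
	. ($owner != "" ? "AND collection_user_id LIKE '%" . mysql_real_escape_string($owner) . "%' " : "")
	. "ORDER BY " . $orderColumn . " ASC;";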

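// Run the query. On failure, record the driver error in the server log and
// show the visitor a generic message only: echoing the SQL text would reveal
// table and column names and would reflect request data back unescaped.
$result = mysql_query($collectionSelection);
if (!$result)
{
	error_log('collection_list.php: collection query failed: ' . mysql_error());
	die("Error: unable to load collections.");
}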

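// Render the result set as an HTML table: a search form row, a header row
// with sort links, then one striped row per collection with delete/edit links.
//
// Every value that originates from the request or the database is encoded for
// the context it lands in: urlencode() for query-string values inside href /
// action attributes, htmlspecialchars() for text nodes. SQL escaping
// (mysql_real_escape_string) is not an output encoding and is not used here.
$c = 0;
$color = '#FFFF99';

if (mysql_num_rows($result) >= 1) {
	// $sortby is taken from $_GET['sb']; encode it before it goes into the
	// form's action attribute.
	$sortParam = is_string($sortby) ? urlencode($sortby) : '';

	echo "<html><body link=\"blue\" vlink=\"blue\">";
	echo "<a href=\"collection_list.php\">Reset Search &amp; Sort</a>";
	echo "<h3>Your Collections</h3><table cellspacing=\"0\" border=\"1\" cellpadding=\"2\">";
	echo "<tr bgcolor=\"#000000\" style=\"border-style:none;\">";
		echo "<form action=\"process_search_collections.php?sb=".$sortParam."\" method=\"POST\" name=\"csearch\">";
		echo "<td style=\"border-style:none;\"><input type=\"text\" name=\"cname\" style=\"width:100%;\"/></td>";
		echo "<td style=\"border-style:none;\"><input type=\"text\" name=\"cdesc\" style=\"width:100%;\"/></td>";
			echo "<td style=\"border-style:none;\"><select name=\"crate\">";
			echo "<option value=\"null\">Rating</option>";
			echo "<option value=\"zero\">0</option>";
			echo "<option value=\"one\">1</option>";
			echo "<option value=\"two\">2</option>";
			echo "<option value=\"thr\">3</option>";
			echo "<option value=\"four\">4</option>";
			echo "<option value=\"five\">5</option>";
			echo "</select>";
			echo "</td>";
		echo "<td style=\"border-style:none;\"><input type=\"text\" name=\"cuser\" style=\"width:100%;\"/></td>";
		echo "<td style=\"border-style:none;\"><input type=\"submit\" value=\"Search\" style=\"width:100%;\"/></td>";
	echo "</form></tr>";
	echo "<tr bgcolor=\"#FFFF99\" style=\"font-weight:bold;\">"
		. "<td><a href=\"collection_list.php?sb=collection_name".getUrlElements()."\">Collection Name</a></td>"
		. "<td>Description</td>"
		. "<td><a href=\"collection_list.php?sb=collection_rating".getUrlElements()."\">Rating</a></td>"
		. "<td><a href=\"collection_list.php?sb=collection_user_id".getUrlElements()."\">Owner</a></td>"
		. "<td>Actions</td></tr>";
	while ($row = mysql_fetch_assoc($result)) {
		// Alternate row background: even rows white, odd rows yellow.
		$color = ($c % 2 == 0) ? '#FFFFFF' : '#FFFF99';

		// Stored collection names are user-supplied. As a query-string value
		// the name must be URL-encoded; the receiving scripts get the decoded
		// value from $_GET and must do their own SQL escaping.
		$nameParam = urlencode($row['collection_name']);

		echo "<tr bgcolor=\"" . $color . "\">";
		echo "<td style=\"font-weight:bold;\"><a href=\"collection_item_list.php?colname=";
		echo $nameParam;
		echo "\">";
		// NOTE(review): removeUID() is defined in includes/functions.php and is
		// assumed to return plain text; if it already HTML-encodes its result,
		// drop this htmlspecialchars() to avoid double encoding.
		echo htmlspecialchars(removeUID($row['collection_name']), ENT_QUOTES);
		echo "</a></td><td>";
		echo htmlspecialchars($row['collection_desc']);
		echo "</td><td>";
		echo htmlspecialchars($row['collection_rating'], ENT_QUOTES);
		echo "</td><td>";
		echo htmlspecialchars($row['collection_user_id'], ENT_QUOTES);
		echo "</td><td style=\"border-width: 0px;\" bgcolor=\"#FFFFFF\">";
		// NOTE(review): this link deletes a collection through a plain GET
		// request, so any page the user visits can trigger it with the user's
		// session. process_delete_collection.php should require POST plus a
		// per-session token; that change belongs in that script.
		// A space now separates the href attribute from onmouseover.
		echo "<a href=\"process_delete_collection.php?cname="
			. $nameParam
			. "\" "
			. "onmouseover=\"document.del" . (string)$c . ".src='./images/del_hover.gif'\" "
			. "onmouseout=\"document.del" . (string)$c . ".src='./images/del.gif'\" "
			. "onclick=\"return val_form_this_page()\" style=\"color:#FFFFFF;\">";
		echo "<img src=\"./images/del.gif\" name=\"del" . (string)$c . "\" /></a>&nbsp;";
		// "&amp;" is the correct spelling of "&" inside an attribute value;
		// a space now separates the target attribute from onmouseover.
		echo "<a href=\"new_collection.php?cname="
			. $nameParam
			. "&amp;edit=true\" target=\"_parent\" "
			. "onmouseover=\"document.mod" . (string)$c . ".src='./images/mod_hover.gif'\" "
			. "onmouseout=\"document.mod" . (string)$c . ".src='./images/mod.gif'\" "
			. "onclick=\"return val_form_this_page()\" style=\"color:#FFFFFF;\">";
		echo "<img src=\"./images/mod.gif\" name=\"mod" . (string)$c . "\" /></a>&nbsp;";
		echo "</td>";
		echo "</tr>";

		$c = $c + 1;
	}

	echo "</table></body></html>";
}
else {
	echo "No collections found. If this page was reached via search, click the Collectionoid logo to try again.";
}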

?>